Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• The U.S. Coast Guard worked March 29 to clean approximately
11,500 gallons of crude oil that spilled and reached the Bayou Teche while a
tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. – WAFB
9 Baton Rouge; Associated Press

1. March 29,
WAFB 9 Baton Rouge; Associated Press – (Louisiana) Contractor
reportedly cleaning more than 11,000 gallons of oil due to spill near
Charenton. The U.S. Coast Guard was working to clean March 29 approximately
11,500 gallons of crude oil that spilled and reached the Bayou Teche while a
tank was being filled at PSC Industrial Outsourcing in Louisiana March 28. The
spill prompted a shelter in place advisory for nearby residents, the closure of
LA 98, and the closure of the Bayou Teche to all commercial boat traffic
between Jeanerette and Charenton for several hours. Source: http://www.ksla.com/story/31584484/charenton-sorrel-area-residents-under-shelter-in-place-advisory-due-to-chemical-spill

• A dust storm that passed through San Bernardino County March 28
led to a 15-car pileup near California 18 and Rabbit Springs Road that left 28
people injured. – Los Angeles Times

12. March 28,
Los Angeles Times – (California) Dust storm triggers 15-vehicle pile-up in
Lucerne Valley; 28 people injured. A dust storm that passed through San
Bernardino County March 28 led to a 15-car pileup near California 18 and Rabbit
Springs Road that left 28 people injured.

7. March 29,
Softpedia – (National) TreasureHunt PoS malware linked to illegal credit
card sharing forum. Researchers from FireEye reported that a new strain of
point of sale (PoS) malware, dubbed TreasureHunt was being used by BearsInc, a cyber-crime
group, to power its malicious campaign targeting small businesses and banks in
the U.S. that have not yet transitioned to the new Europay, MasterCard, and
Visa (EMV) chip and Personal Identification Number (PIN) card system. The new
strain adds a registry key for boot persistence to a device, scans the device’s
memory for credit card information, and encodes and sends the data to a command
and control (C&C) server.

9. March 28,
U.S. Securities and Exchange Commission – (New York) Securities professional
charged with defrauding institutional investors. The U.S. Securities and
Exchange Commission charged a New York-based securities professional March 28
after he allegedly solicited approximately $95 million from 2 institutional
investors by offering promissory notes issued by Irving Place III SPV LLC, a
shell entity with no legitimate business operations, obtained a $25 million
investment in November 2015 and used the funds for personal use, and attempted
to solicit an additional $70 million from 2 investors using false and
misleading statements. The U.S. Attorney’s Office for the Southern District of
New York announced March 28 parallel criminal charges against the securities
officer. Source: https://www.sec.gov/news/pressrelease/2016-58.html

10. March 28,
KHON 2 Honolulu – (International) Honolulu man arrested in credit card scheme
involving cyber black market. FBI officials arrested a man from Hawaii
March 28 after he allegedly purchased information on the cyber black market to
obtain credit cards from Russia, China, and Vietnam as part of an elaborate
scheme that used online credit card applications, temporary mail forwarding
requests, burner phones, and shopping sprees to steal the identities of over 40
people, open 80 bank accounts with the stolen information, and accumulate over
$100,000 in fraudulent credit card activity. Source: http://khon2.com/2016/03/28/fbi-arrests-honolulu-man-for-credit-card-fraud/

Information Technology Sector

21. March 28,
Softpedia – (International) Flaw in Truecaller Android app leaves data of
millions of users exposed. Security researchers from Cheetah Mobile Security
Research Lab discovered a remotely exploitable flaw in the Truecaller app that
exposed the personal information of millions of users and could allow attackers
to modify users’ account settings through the application’s international
mobile equipment identity (IMEI) code. Attackers could write scripts through
query random IMEI codes to collect a user’s data and subsequently, use the
collected data in spam or phishing campaigns.

22. March 28,
SecurityWeek – (International) Zen Cart patches multiple XSS
vulnerabilities. Zen Cart released an updated version to its online open
source shopping cart application, Zen Cart 1.5.4 that patched several
cross-site scripting (XSS) vulnerabilities after researchers from Trustwave
found the flaws in the administrative section of Zen Cart that could result in
access to cookies, sensitive information, or site defacement. Researchers
advised users to upgrade their software to the latest version to avoid the
flaws. Source: http://www.securityweek.com/zen-cart-patches-multiple-xss-vulnerabilities

23. March 28,
Softpedia – (International) Facebook fixes Instagram issue that allowed
account takeover. A Belgian security researcher discovered critical flaws
in Instagram that could have allowed an attacker to reset emails attached to an
account and reset the account’s password after Facebook was discovered printing
sensitive Instagram user information on the Web page. In addition, an Insecure
Direct Object Reference vulnerability allowed unauthenticated users to access
other users’ information and could potentially allow an attacker to do the same.
Source: http://news.softpedia.com/news/facebook-fixes-instagram-issue-that-allowed-account-takeover-502277.shtml

For another story, see item 7 above in the Information Technology Sector

Communications Sector

24. March 28,
CNBC – (National) Sprint struck with multistate network problems. Sprint
Corporation announced March 28 that network issues prompted a loss of service
for customers across several States. All services were restored after crews
spent several hours resolving the issue.

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"